Prevent unapproved users from logging in
This commit is contained in:
parent
51ab8d0128
commit
e4e5577818
2 changed files with 39 additions and 1 deletions
|
@ -337,6 +337,16 @@ defp handle_token_exchange_error(%Plug.Conn{} = conn, {:account_status, :confirm
|
|||
)
|
||||
end
|
||||
|
||||
defp handle_token_exchange_error(%Plug.Conn{} = conn, {:account_status, :approval_pending}) do
|
||||
render_error(
|
||||
conn,
|
||||
:forbidden,
|
||||
"Your account is awaiting approval.",
|
||||
%{},
|
||||
"awaiting_approval"
|
||||
)
|
||||
end
|
||||
|
||||
defp handle_token_exchange_error(%Plug.Conn{} = conn, _error) do
|
||||
render_invalid_credentials_error(conn)
|
||||
end
|
||||
|
|
|
@ -19,7 +19,10 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
|
|||
key: "_test",
|
||||
signing_salt: "cooldude"
|
||||
]
|
||||
setup do: clear_config([:instance, :account_activation_required])
|
||||
setup do
|
||||
clear_config([:instance, :account_activation_required])
|
||||
clear_config([:instance, :account_approval_required])
|
||||
end
|
||||
|
||||
describe "in OAuth consumer mode, " do
|
||||
setup do
|
||||
|
@ -995,6 +998,31 @@ test "rejects token exchange for user with confirmation_pending set to true" do
|
|||
}
|
||||
end
|
||||
|
||||
test "rejects token exchange for valid credentials belonging to an unapproved user and approval is required" do
|
||||
Pleroma.Config.put([:instance, :account_approval_required], true)
|
||||
password = "testpassword"
|
||||
|
||||
user = insert(:user, password_hash: Pbkdf2.hash_pwd_salt(password), approval_pending: true)
|
||||
|
||||
refute Pleroma.User.account_status(user) == :active
|
||||
|
||||
app = insert(:oauth_app)
|
||||
|
||||
conn =
|
||||
build_conn()
|
||||
|> post("/oauth/token", %{
|
||||
"grant_type" => "password",
|
||||
"username" => user.nickname,
|
||||
"password" => password,
|
||||
"client_id" => app.client_id,
|
||||
"client_secret" => app.client_secret
|
||||
})
|
||||
|
||||
assert resp = json_response(conn, 403)
|
||||
assert %{"error" => _} = resp
|
||||
refute Map.has_key?(resp, "access_token")
|
||||
end
|
||||
|
||||
test "rejects an invalid authorization code" do
|
||||
app = insert(:oauth_app)
|
||||
|
||||
|
|
Loading…
Reference in a new issue